OCI-Networking-Subnet-Multi-AD

Severity: Medium

Description: This control ensures that subnets in a VCN are created as regional rather than tied to a specific availability domain (AD). A subnet in a VCN can be created as either regional or AD-specific. A regional subnet can contain resources in any availability domain of a region, while an AD-specific subnet can only contain resources in that one domain. Regional subnets span multiple availability domains, increasing the availability and durability of the resources launched within them.

Remediation Steps:

Perform the following to create subnets with regional type in the VCN:

  1. Log in to the OCI console at Cloud Sign In.

  2. In the navigation menu, click Networking and then click Virtual Cloud Networks.

  3. Click on the VCN reported.

  4. Click Create Subnet.

  5. In Create Subnet, select the Compartment and enter a Name for the subnet.

  6. For Subnet Type, select Regional, as this type can be used in any AD for the region.

  7. Enter the CIDR block and route table for the subnet.

  8. Select Subnet Access as Private or Public to control access to the subnet.

  9. Configure DNS Label, Domain Name and DHCP options.

  10. Configure Security Lists.

  11. Click Create.

Important:

  • The subnet type cannot be changed once a subnet is created. To fix an AD-specific subnet, the old subnet must be deleted and recreated with the regional subnet type.
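One way to find the subnets this control would report, as an added example (not Blue Hexagon's own detection code): the function below reads JSON in the shape printed by `oci network subnet list` and returns every live subnet pinned to a single AD. It assumes the OCI CLI's kebab-case keys and that a regional subnet reports a null `availability-domain`; the sample data, OCIDs and AD labels are constructed placeholders.

```python
import json

# Constructed sample shaped like `oci network subnet list --compartment-id <ocid> --all`
# output; OCIDs, names and AD labels are placeholders, not real resources.
SAMPLE_CLI_OUTPUT = """
{"data": [
  {"id": "ocid1.subnet.oc1..exampleregional", "display-name": "app-regional",
   "vcn-id": "ocid1.vcn.oc1..examplevcn", "cidr-block": "10.0.1.0/24",
   "availability-domain": null, "lifecycle-state": "AVAILABLE"},
  {"id": "ocid1.subnet.oc1..examplead1", "display-name": "db-ad1",
   "vcn-id": "ocid1.vcn.oc1..examplevcn", "cidr-block": "10.0.2.0/24",
   "availability-domain": "Uocm:PHX-AD-1", "lifecycle-state": "AVAILABLE"},
  {"id": "ocid1.subnet.oc1..exampleold", "display-name": "old-ad2",
   "vcn-id": "ocid1.vcn.oc1..examplevcn", "cidr-block": "10.0.3.0/24",
   "availability-domain": "Uocm:PHX-AD-2", "lifecycle-state": "TERMINATED"}
]}
"""

def find_ad_specific_subnets(cli_json):
    """Return one finding per live subnet that is tied to a single AD."""
    # An empty result may arrive as empty output rather than {"data": []}.
    doc = json.loads(cli_json) if cli_json.strip() else {}
    findings = []
    for subnet in doc.get("data", []):
        # Subnets already deleted or being deleted need no remediation.
        if subnet.get("lifecycle-state") in ("TERMINATING", "TERMINATED"):
            continue
        ad = subnet.get("availability-domain")
        # Assumption: regional subnets carry a null availability domain.
        if ad:
            findings.append({
                "subnet_id": subnet.get("id"),
                "name": subnet.get("display-name"),
                "vcn_id": subnet.get("vcn-id"),
                "availability_domain": ad,
                "remediation": "delete and recreate as a regional subnet",
            })
    return findings

if __name__ == "__main__":
    for finding in find_ad_specific_subnets(SAMPLE_CLI_OUTPUT):
        print(finding)
```

Because the subnet type is fixed at creation, each finding maps to a delete-and-recreate task rather than an in-place change.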

Reference:

Blue Hexagon Proprietary